On Tue, May 24, 2011 at 2:54 PM, Jon Bane <jon@nnbfn.net> wrote:
On Tue, May 24, 2011 at 5:26 PM, Brent Jones <brent@servuhome.net> wrote:
Well, with the new Juniper entry level MX devices out now, the cost difference between Vyatta and Juniper is probably insignificant now, and with Juniper devices, you have a much higher PPS rate.
Granted, I have Vyatta devices now doing BGP, and they work fine, but you can't argue that ASICs can forward much faster than a general purpose CPU :)
To each their own
-- Brent Jones brent@servuhome.net
I won't argue that an ASIC isn't faster, but it is hard to argue that Vyatta isn't capable of high-end performance.
http://download.intel.com/embedded/processor/solutionbrief/322973.pdf
The graphs show near 100% CPU usage at small packet sizes, and low PPS. That would lead to a pretty easy to launch DDoS against a software-based router platform. Since there isn't a separation between control plane/forwarding plane, an attacker could trivially take you offline. I'd imagine due to the nature of x86 platform, being interrupt based and forwarding table residing in memory the CPU has to access, there's a finite amount you can scale this without risking big disruptions from a relatively small DDoS.
Not saying software platforms can't achieve good throughput, there has to be a realization of the limits of the platform, and when it shouldn't be used. Again, I personally use the Vyatta commercial software, and it works great, so I'm not knocking it. But I wouldn't consider it high-end performance when a few million PPS can lead to service disruptions.
-- Brent Jones brent@servuhome.net